Field of Art
The disclosure generally relates to the field of network security analysis and specifically relates to intercepting intra-network communication for analysis.
Description of Art
“Smart” appliances are devices that can connect to a network to communicate with other devices while performing a very specific role, for example, within a home or small office. Smart appliances have some specified basic computing processing intelligence but otherwise lack capability of a full-fledged computing system such as a personal computer, phone or tablet. Examples of smart appliances include refrigerators, dishwashers, washers, dryers, thermostats, digital video recorders, DVD players, and printers. By adding a certain level of intelligence to these devices, smart appliances can be made more effective or more convenient for the user. For example, a smart dishwasher might be able to communicate with a smartphone in the local network so the user can start the dishwasher from anywhere in a house. Some smart appliances can be configured to communicate with each other within a local network. For example, a smart television may be configured to receive a video stream from a game console within the network.
However, smart appliances are vulnerable to security breaches that could embed code on the smart appliance that causes it to perform malicious behavior. For example, smart appliances infected with malicious code might be used to perform a Distributed Denial of Service (DDoS) attack on a remote web server or they could be used to send user information to unauthorized recipients. Due to limited access that users have to the functionality of smart appliances, it could be very difficult for a user to determine, on their own, whether a device is performing malicious behavior. Traditional approaches to protect networked devices from malicious code include anti-virus software installed on computers that monitors processes on the computer to determine if those processes might be exhibiting malicious behavior. Anti-virus software is typically installed on full-fledged computing systems such as personal computers, smartphones and tablets. However, smart appliances do not have the computing intelligence or resources to support anti-virus software and often do not allow users to install additional software onto the smart appliance. Therefore, anti-virus software is ill-suited to protect smart appliances from being infected with malicious code.
A network traffic hub can be included in a network to collect data about network traffic to be analyzed to detect malicious behavior. However, in many configurations, some network traffic may not flow through the network traffic hub. For example, if the network traffic hub is configured to physically intercept network traffic between a router and a switch, the network traffic hub would not receive intra-network traffic that travels through the switch only. Data about intra-network traffic can be crucial in determining the presence of malicious behavior in a local network.